• 0 Posts
  • 6 Comments
Joined 9M ago
cake
Cake day: Feb 17, 2024

help-circle
rss

Definitely. Not to be ignored, but for lots of yubikey users, also not something to be overly worried about.


I went into the article thinking I’d need to replace my keys, and after reading decided I’m a very unlikely target for this attack. My threat model doesn’t include nation states, so I’m gonna keep using my yubikeys for the foreseeable future.

I have been thinking about new hardware key(s) that can handle more than 20 passkeys, but that’s not a high priority for me right now.


It’s due to a cryptographic library implementation in a controller used in the yubikey. It’s a third party controller, and this isn’t exclusive to yubikeys either, a shitload of other stuff uses the same controller and is likely vulnerable to the same attack.

Also, the attack requires around $10k worth of equipment and physical access to the yubikey, so while a valid attack vector, it’s also not something to get into a panic about.


Is the mysudo app available to you? Makes it trivially easy to get an anonymous burner number on your existing device


Can you access the command line and install wireguard? If so you can pretty easily set up and connect to proton vpn without needing the proton von app.


My immediate reaction was the same. I don’t trust the NSA at all, but I’m certainly not going to trust anything this site says when it’s shilling the article as an NFT.